The Ni Purchase Order(PO) For WooCommerce WordPress plugin up to and including 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
naziinfotech ni purchase order\\(po\\) for woocommerce |